Any age verification should come with an OAUTH style government run API. The idea being you verify your ID with the government, and the service that required age verification gets back a true or false for does this user meet this age requirement. That way the amount of data shared is kept to a minimum.

The UK, and Brazil who passed a similar law, 'cheated' by just forcing private companies to figure it out.

No, this is an absolutely terrible idea. You're suggesting a giant, centralized, government-run data silo, with all of your online activity tied to your real-world ID. This is far worse for privacy than any data broker, it's hard to even compare.

Honestly I'd rather have private companies figure it out. Then at least you'll get multiple options, including from privacy-first companies. But that still sucks, and my preference strongly goes towards OS-level Age Indication. Just as effective in practice, 100% private and offline.

The EU is already implementing this in the best way it's ever going to be implemented:

https://digital-strategy.ec.europa.eu/en/policies/eu-age-ver...

I really don't like this perfect law enforcement future, but this EU initiative is about the best design one can have.

Ironic that Brazil government tends to pay lip service to digital sovereignty while forcing their own citizens to handle their data to Zuckerberg and Peter Thiel.

Wrong, because then that government knows exactly what services you have accessed. It's a huge and extremely dangerous privacy violation. The real solution to the age verification problem is not to have one. The Internet has existed for over 30 years without it; it's solution to a problem that does not exist.

Now your government knows you are a registered user of PornHub.

It will be fun when (not if) the database is leaked.

> The UK, and Brazil who passed a similar law, 'cheated' by just forcing private companies to figure it out.

At least on the Brazilian case, it's outright illegal for a private company to implement the thing you are describing. So, if the government doesn't provide the service, there isn't much for them to figure out.

UK Gov sometimes likes to do things in very awkward ways, against any sort of worldly grain established. See the covid app.

However my Apple ID verified me based on my account age, I didn't need to provide anything.

Some kind of Digital ID?

The UK government proposed that and was met by the usual resistance to it.

Fuck that. California's way is the absolute maximum that should be done: When accounts get created on an operating system, allow the user to provide a completely unproven age. Then that age should be the only age check.

If the goal really is to just help parents prevent their kids from accessing inappropriate material, that's plenty. Anything else, and you're admitting the real goal is Big Brother style surveillance.

In EU we have EIDAS, at least in some countries. It works. But mostly just for actual citizens.

If the US had this, Trump would definitely be using it right now to send ICE to arrest people that said mean things about him on social media, didn't drop out of college, didn't bribe him enough, etc.